losing my mind #52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
on: | |
# Run only when pushing to main branch, and making PRs | |
push: | |
branches: | |
- main | |
pull_request: | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build: | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Free disk space | |
run: | | |
sudo docker rmi $(docker image ls -aq) >/dev/null 2>&1 || true | |
sudo rm -rf \ | |
/usr/share/dotnet /usr/local/lib/android /opt/ghc \ | |
/usr/local/share/powershell /usr/share/swift /usr/local/.ghcup \ | |
/usr/lib/jvm || true | |
echo "some directories deleted" | |
sudo apt install aptitude -y >/dev/null 2>&1 | |
sudo aptitude purge aria2 ansible azure-cli shellcheck rpm xorriso zsync \ | |
esl-erlang firefox gfortran-8 gfortran-9 google-chrome-stable \ | |
google-cloud-sdk imagemagick \ | |
libmagickcore-dev libmagickwand-dev libmagic-dev ant ant-optional kubectl \ | |
mercurial apt-transport-https mono-complete libmysqlclient \ | |
unixodbc-dev yarn chrpath libssl-dev libxft-dev \ | |
libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev \ | |
snmp pollinate libpq-dev postgresql-client powershell ruby-full \ | |
sphinxsearch subversion mongodb-org azure-cli microsoft-edge-stable \ | |
-y -f >/dev/null 2>&1 | |
sudo aptitude purge google-cloud-sdk -f -y >/dev/null 2>&1 | |
sudo aptitude purge microsoft-edge-stable -f -y >/dev/null 2>&1 || true | |
sudo apt purge microsoft-edge-stable -f -y >/dev/null 2>&1 || true | |
sudo aptitude purge '~n ^mysql' -f -y >/dev/null 2>&1 | |
sudo aptitude purge '~n ^php' -f -y >/dev/null 2>&1 | |
sudo aptitude purge '~n ^dotnet' -f -y >/dev/null 2>&1 | |
sudo apt-get autoremove -y >/dev/null 2>&1 | |
sudo apt-get autoclean -y >/dev/null 2>&1 | |
echo "some packages purged" | |
- uses: DeterminateSystems/nix-installer-action@main | |
name: Install Nix | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: codosseum | |
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
- name: Install omnix | |
run: nix --accept-flake-config profile install "github:juspay/omnix" | |
- name: Build all flake outputs | |
run: om ci | |
- name: What GHC version? | |
run: nix develop -c ghc --version | |
build-docker: | |
runs-on: ubuntu-latest | |
needs: build | |
permissions: | |
contents: read | |
packages: write | |
attestations: write | |
id-token: write | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: DeterminateSystems/nix-installer-action@main | |
name: Install Nix | |
with: | |
extra-conf: | | |
trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
substituters = https://cache.garnix.io?priority=41 https://cache.nixos.org/ | |
- uses: DeterminateSystems/magic-nix-cache-action@main | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: codosseum | |
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
- name: Log in to the Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and publish Docker image | |
if: ${{ github.ref == 'refs/heads/main' && runner.os == 'Linux' }} | |
run: | | |
docker load -i $(nix build .#dockerImage --print-out-paths) | |
docker tag ${{ env.IMAGE_NAME }}:$(git rev-parse --short HEAD) ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |